Update: On June 24, 2015, David Shen, the man whose indictment was the focus of the opinion examined below, was acquitted of all the charges against him. You can read a news story about his acquittal in the article you can find here. The story notes that prior to the trial, the prosecutors offered to drop two charges against Shen he he would plead guilty to a misdemeanor, for which he would be put on probation. He refused, went to trial and was acquitted, which only underlines the fact that a charge is just that. The person charged is presumed innocent until and unless the prosecution proves guilty beyond a reasonable doubt.
This post examines an opinion recently issued by a U.S.District Court Judge who sits in the U.S. District Court for the Eastern District of Missouri: U.S. v. Shen, 2015 WL 3417471 (2015). The District Court Judge begins his opinion by explaining that
This post examines an opinion recently issued by a U.S.District Court Judge who sits in the U.S. District Court for the Eastern District of Missouri: U.S. v. Shen, 2015 WL 3417471 (2015). The District Court Judge begins his opinion by explaining that
[p]ursuant to 28 U.S. Code § 636(b), the Court referred all pretrial matters in this case to United States Magistrate Judge Nannette A. Baker for determination and recommended
disposition, where appropriate.
On April 21, 2015, Judge Baker issued a
Report and Recommendation with respect to the motion filed by defendant David
Shen to dismiss Count I of the indictment. Thereafter, the defendant filed
timely objections to the recommendation that his motion be denied.
U.S. v. Shen, supra.
As Wikipedia explains, “[i]n In the United States
federal courts, magistrate judges are
appointed to assist United States district court judges in the performance
of their duties. Magistrate judges are authorized by 28 U.S. Code § 631 et seq.”
Here, the District Court Judge went on to explain that
[p]ursuant to 28 U.S. Code §
636(b)(1), the Court is required to make a de novo determination of
the specified proposed findings and recommendations to which objection is made.
Here, the defendant states that he
objects to the Report and Recommendation `in their entirety in law and fact and
pursuant to 28 U.S. Code 636(b)(1) with respect to each and all said
recommendations, singularly and collectively, of the United States Magistrate
Judge's Report and Recommendations.’
The defendant does not identify a
specific portion of the Report and Recommendation that he objects to, nor does
he state any basis for his objections. The defendant's general, non-specific
objections are insufficient to trigger de
novo review under § 636(b)(1).
U.S. v. Shen, supra.
In her Report and Recommendation, the Magistrate Judge began
by explaining that
David Shen was charged by indictment
with one count of unauthorized access of a computer and one count of attempted
unauthorized access of a computer in violation of the Computer Fraud and Abuse Act (CFAA), 18 U.S. Code § 1030. . . .
Defendant was also charged with a third
count for fraud in violation of 18 U.S. Code § 1343 and 2. On February 23,
2015, Defendant filed a Motion to Dismiss Counts I and II of the Indictment. .
. . The Government filed its Response on March 2, 2015. . . .
On March 25, 2015, the undersigned held
a hearing. At the hearing, counsel for Defendant withdrew his motion as to
Count II. Having considered the briefs of the parties and argument by counsel
at the hearing, the undersigned finds that Defendant's motion to dismiss Count
I should be denied.
U.S. v. Shen, supra. The Department of Justice press release you
can find here provides a little more information about the charges. And the news stories you can find here and
here also provide information about the conduct that led to the charges.
The Magistrate Judge began her analysis of Shen’s argument
as to why Counts I and II should be dismissed by explaining that
[a]n indictment is sufficient if: (1)
it contains all of the essential elements of the offense charged; (2) it fairly
informs the defendant of the charges against which he must defend; and (3) it
alleges sufficient information to allow a defendant to plead a conviction or
acquittal as a bar to a subsequent prosecution. U.S. v. Fleming, 8
F.3d 1264 (U.S. Court of Appeals for the 8th Circuit 1993). `An indictment is
normally sufficient if its language tracks the statutory language.’ U.S. v.
Sewell, 513 F.3d 820 (U.S. Court of Appeals for the 8th Circuit 2008).
An indictment is insufficient if it is
`so defective that it cannot be said, by any reasonable construction, to charge
the offense for which the defendant was convicted.’ U.S. v. Fleming, supra. When a defendant moves to dismiss
a count for failure to state an offense, the court takes the allegations in the
indictment as true and should refrain from considering evidence outside the
indictment. U.S. v. Sampson, 371 U.S. 75 (1962). . . .
U.S. v. Shen, supra.
She then went on to explain that
Count I of the indictment charges Shen
with unauthorized access of a computer in violation of § 1030(a)(2)(C) of the [Computer
Fraud and Abuse Act]. Section 1030(a)(2)(C) provides in relevant
part: `Whoever . . . intentionally accesses a computer without authorization or
exceeds authorized access, and thereby obtains . . . information from any
protected computer . . . shall be punished.’ Through his employment as a risk
manager with Washington University, Shen gained access to password-protected
third party service providers described in the indictment as Service Provider A
and Service Provider B.
On October 6, 2011, Shen resigned from
his position in lieu of being terminated. Count I charges in relevant part:
`On or about October 28, 2011, in the
Eastern District of Missouri and elsewhere, DAVID SHEN, the defendant herein,
intentionally accessed a protected computer used in interstate and foreign
commerce, without authorization and exceeding any authorized access he had
previously been given, and thereby obtained information from that protected
computer . . . to wit, the defendant used his personal computer to access
without authorization, and in excess of any authorized access, a computer
system associated with Service Provider A and thereby downloaded a Risk Report
for Washington University HF Portfolio for the month of August 2011.’
U.S. v. Shen, supra.
The Magistrate Judge also noted that, challenging the
indictment, Shen argued that
Count I should be dismissed for failure
to state an offense because he was authorized to access Service Provider A,
either because he used his personal computer or because his password still
worked. The undersigned disagrees.
U.S. v. Shen, supra.
She went on to explain why she disagreed:
The language of Count I tracks the
language of [18 U.S. Code] § 1030(a)(2)(C) and the Eighth Circuit
Model Jury Instruction. Shen's
arguments are essentially challenges to the sufficiency of the evidence, which
cannot be decided at this stage. U.S. v. Ferro, 252 F.3d 964 (U.S.
Court of Appeals for the 8th Circuit 2001); U.S. v. Perez, 575
F.3d 164 (U.S. Court of Appeals for the 2d Circuit 2009).
The indictment reflects that Shen was
given access to Service Provider A in connection with his employment and that
he accessed Service Provider A after he had resigned. There is significant
authority that such access is unauthorized under § 1030(a)(2)(C). See,
e.g., U.S. v. Steele, 2014 WL 7331679 (U.S. Court of Appeals for the 4th Circuit 2014). . . .
Furthermore, the fact that Shen used
his personal computer does not foreclose a finding of unauthorized access.
Count I specifically alleges that Shen accessed `without authorization, and in
excess of any authorized access, a computer system associated
with Service Provider A.’ While the Government will have to show that Service
Provider A's computer system meets the statutory definition of a `computer,’
nothing more is required at this stage. . . .
U.S. v. Shen, supra (emphasis
in the original).
In the paragraph above, the Magistrate Judge explains that
the charging language in Count I of the indictment tracked the language of the
U.S. Court of Appeals for the Eighth Circuit’s Model Jury Instruction, i.e.,
the form instruction to be given to a jury when someone is being prosecuted for
this crime. The instruction at issue
provides as follows:
The crime of computer fraud to obtain
confidential information . . . has two essential elements, which are:
One, the defendant
intentionally accessed a computer without authorization or exceeding authorized
access, and
Two, the defendant obtained
information.
U.S. v. Shen, supra
(quoting Model Instruction 6.18.1030B).
She goes on to explain that Shen
additionally argues that §
1030(a)(2)(C) is impermissibly vague as applied to him. He essentially
argues that his authorization hinges on an agreement between his employer and
Service Provider A which he never saw and therefore he had no notice that his
conduct was criminal. The argument fails.
There is some disagreement as to
whether an employee who properly accesses a computer and then misuses the
information can be convicted under § 1030(a)(2)(C). See U.S. v.
Nosal, 676 F.3d 854 (U.S. Court of Appeals for the 9th Circuit 2012).
However, courts are clear that employees who gain access to a computer through
their employment lose authorization once they have resigned or been terminated. See, e.g., U.S. v. Steele, 2014
WL 7331679 (U.S. Court of Appeals for the 4th Circuit 2014). . . .
U.S. v. Shen, supra.
For all these reasons, the Magistrate Judge recommended that
Shen’s motion to dismiss Count I be denied.
U.S. v. Shen, supra.
The District Court Judge then found that
that the magistrate judge did not err
in her analysis of the law applicable to the defendant's motion. Accordingly,
for the reasons discussed above,
IT IS HEREBY ORDERED that
the Report and Recommendation of United States Magistrate Judge Nannette A.
Baker is sustained, adopted, and incorporated herein.
U.S. v. Shen, supra (emphasis
in the original). So, Shen lost on his motion to dismiss Count I of the indictment.
No comments:
Post a Comment